Gpg4win helps users to securely encrypt and sign files with the help of encryption and digital signatures in windows platform. Gpg4win is the official GnuPG distribution for Windows .You can download it here.
After installing it you can use GUI to create a key or else use the command prompt to genertae the key.
This will ask number of options to be filled(name,mail,city code, etc..)After the successful generation, you can export your public key;
This will save your public key at your current directory. Save it safely. You might need to provide your public key when you sign the files.
Now create a checksum file for your file;(You may need to install OpenSSL utility for windows)
(eg: lets use a zip file to be signed)
Change directory path your 'test.zip' folder location..
This will create a checksum named " test.zip.md5".
Then sign the test.zip file;
Finally verify whether, you have signed the packs without any issue;
Output indicates it is a bad signature or good one;
gpg: Signature made 10/29/11 13:08:56 Sri Lanka Standard Time using RSA key ID 125C5F48
gpg: Good signature from "vijayaratha"
If you check via the GUI, it will list out available certificates;
After installing it you can use GUI to create a key or else use the command prompt to genertae the key.
#gpg --gen-key
This will ask number of options to be filled(name,mail,city code, etc..)After the successful generation, you can export your public key;
#gpg --armor --export> KEYS
eg: gpg --armor --export ratha > KEYS
This will save your public key at your current directory. Save it safely. You might need to provide your public key when you sign the files.
Now create a checksum file for your file;(You may need to install OpenSSL utility for windows)
(eg: lets use a zip file to be signed)
Change directory path your 'test.zip' folder location..
#openssl md5 <test.zip> test.zip.md5
This will create a checksum named " test.zip.md5".
Then sign the test.zip file;
#gpg --armor --output test.zip.asc --detach-sig test.zip
Finally verify whether, you have signed the packs without any issue;
#gpg --verify test.zip.asc test.zip
Output indicates it is a bad signature or good one;
gpg: Signature made 10/29/11 13:08:56 Sri Lanka Standard Time using RSA key ID 125C5F48
gpg: Good signature from "vijayaratha
If you check via the GUI, it will list out available certificates;